Comodo automatically allowing programs access?

I recently installed a game that needs on-line activation, after activating it I wanted to prevent it from accessing the net so I removed it’s rule from security policy (and then clicked apply). When I next ran the app it was automatically allowed in CFP, without notifying me at all. The producer is not in the trusted vendors list (only Comodo and Microsoft are). I’m sure that I was asked the first time round with the same app, so why not anymore?

I tested and found the same behaviour with the leaktest app from grc.com, it is automatically allowed and added by my firewall for some reason (this hasn’t happened before). CFP is set to Safe mode and clean PC mode, I have freshly installed it and the same behaviour is displayed.

Comodo’s CPILSuite test seems uneffected (not automatically allowed). And I passed the CLT test thing 100%.

So can anyone help me see what’s going on here?

CFP 3.0.25.378 (Leak Protection installed, not Defense+), old I know but it has been working fine for a long while and I’m afraid that the newer one will be way to bloated, on another note is that true or not?

Win XP 32 pro SP3

No major changes have been made to my system that I can think of before this started acting up, no other security software is installed other that avast! home, windows firewall is disabled.

***EDIT: Hang on, is this just happening 'cos the programs are already present on my HDD, Comodo’s recognising them as safe?

I guess the game is on the white list. You will have to notch up the Firewall to Custom Policy mode.

I am a bit confused about the clean pc mode and D+. It sounds like you have D+ enabled because it is set to clean pc mode but you say you disabled D+. Can you show me a screenshot of the Defense + settings?

Sorry, when you install it it asks if you would like D+ or not, and then if you want leak protection, AFAIK lighter version of D+.

AFAIK the D+ settings only differ in that the screen, disks and keyboard are not monitored for direct access. Otherwise all the other settings there are turned on, but this is a firewall issue anyway, a while ago I just ran D+ turned off completely, but since recently re-installing windows decided to try it again.

BTW I can manually tell it to block an app and that works, I think I’ve just gotten a bit overly paranoid here. :slight_smile:

Correct me if I’m wrong, but the fact that I have D+ set to safe mode means it recognises any apps already present on the system as safe, and only regards new stuff as suspicious? So as the apps are being seen as safe by D+ they are automatically allowed net access. Am I right? Might be overlooking other stuff here.

In safe mode the firewall will grant access to known applications (they are on the whitelist; this list can not be seen anywhere). It will report for all the others.

In custom policy mode you will be notified for each program unless you made a rule for it,

Well I’m pretty sure now that it’s okay, and was just because CFP was seeing the app as safe as it was already present on my system when I reinstalled CFP.

Another app that I added since, I was alerted to as it tried to connect so it seems I was worried aobut nothing.

Safe mode of D+ does not recognize already installed apps as being safe. Only Clean PC mode will do that which is why I leave mine set to it. Safe mode is too aggressive for me.